[Python-modules-commits] [python-rsa] 03/09: New upstream version 3.4.2
Takaki Taniguchi
takaki at moszumanska.debian.org
Tue Oct 11 04:55:26 UTC 2016
This is an automated email from the git hooks/post-receive script.
takaki pushed a commit to branch master
in repository python-rsa.
commit b680e4b523d16f0354f3f5df9b216f83a258c7b2
Author: TANIGUCHI Takaki <takaki at asis.media-as.org>
Date: Tue Oct 11 13:39:44 2016 +0900
New upstream version 3.4.2
---
CHANGELOG.txt | 142 +++++++++++++++
LICENSE | 2 +-
MANIFEST.in | 5 +-
PKG-INFO | 10 +-
README.md | 44 +++++
README.rst | 31 ----
create_timing_table.py | 14 +-
rsa.egg-info/PKG-INFO | 10 +-
rsa.egg-info/SOURCES.txt | 11 +-
rsa.egg-info/entry_points.txt | 8 +-
rsa.egg-info/requires.txt | 2 +-
rsa/__init__.py | 17 +-
rsa/_compat.py | 16 +-
rsa/_version133.py | 45 ++---
rsa/_version200.py | 46 +----
rsa/asn1.py | 32 ++--
rsa/bigfile.py | 72 ++++++--
rsa/cli.py | 138 +++++++-------
rsa/common.py | 73 ++++----
rsa/core.py | 19 +-
rsa/key.py | 407 +++++++++++++++++++++++++++---------------
rsa/parallel.py | 52 +++---
rsa/pem.py | 41 +++--
rsa/pkcs1.py | 262 +++++++++++++--------------
rsa/prime.py | 174 +++++++++---------
rsa/randnum.py | 35 ++--
rsa/transform.py | 42 +++--
rsa/util.py | 36 ++--
rsa/varblock.py | 66 ++++---
run_tests.py | 57 ------
setup.py | 81 +++++----
tests/constants.py | 23 ---
tests/private.pem | 5 +
tests/py2kconstants.py | 17 --
tests/py3kconstants.py | 17 --
tests/test_bigfile.py | 17 +-
tests/test_common.py | 12 +-
tests/test_compat.py | 7 +-
tests/test_integers.py | 16 +-
tests/test_key.py | 42 +++++
tests/test_load_save_keys.py | 63 +++++--
tests/test_parallel.py | 20 +++
tests/test_pem.py | 57 +++++-
tests/test_pkcs1.py | 45 +++--
tests/test_prime.py | 44 +++++
tests/test_strings.py | 12 +-
tests/test_transform.py | 6 +-
tests/test_varblock.py | 18 +-
48 files changed, 1407 insertions(+), 1004 deletions(-)
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
new file mode 100644
index 0000000..b6c772f
--- /dev/null
+++ b/CHANGELOG.txt
@@ -0,0 +1,142 @@
+Python-RSA changelog
+========================================
+
+Version 3.4.2 - released 2016-03-26
+----------------------------------------
+
+- Fixed dates in CHANGELOG.txt
+
+
+Version 3.4.1 - released 2016-03-26
+----------------------------------------
+
+- Included tests/private.pem in MANIFEST.in
+- Included README.md and CHANGELOG.txt in MANIFEST.in
+
+
+Version 3.4 - released 2016-03-17
+----------------------------------------
+
+- Moved development to Github: https://github.com/sybrenstuvel/python-rsa
+- Solved side-channel vulnerability by implementing blinding, fixes #19
+- Deprecated the VARBLOCK format and rsa.bigfile module due to security issues, see
+ https://github.com/sybrenstuvel/python-rsa/issues/13
+- Integration with Travis-CI [1], Coveralls [2] and Code Climate [3]
+- Deprecated the old rsa._version133 and rsa._version200 submodules, they will be
+ completely removed in version 4.0.
+- Add an 'exponent' argument to key.newkeys()
+- Switched from Solovay-Strassen to Miller-Rabin primality testing, to
+ comply with NIST FIPS 186-4 [4] as probabilistic primality test
+ (Appendix C, subsection C.3):
+- Fixed bugs #12, #14, #27, #30, #49
+
+[1] https://travis-ci.org/sybrenstuvel/python-rsa
+[2] https://coveralls.io/github/sybrenstuvel/python-rsa
+[3] https://codeclimate.com/github/sybrenstuvel/python-rsa
+[4] http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pd
+
+
+Version 3.3 - released 2016-01-13
+----------------------------------------
+
+- Thanks to Filippo Valsorda: Fix BB'06 attack in verify() by
+ switching from parsing to comparison. See [1] for more information.
+- Simplified Tox configuration and dropped Python 3.2 support. The
+ coverage package uses a u'' prefix, which was reintroduced in 3.3
+ for ease of porting.
+
+[1] https://blog.filippo.io/bleichenbacher-06-signature-forgery-in-python-rsa/
+
+
+Version 3.2.3 - released 2015-11-05
+----------------------------------------
+
+- Added character encoding markers for Python 2.x
+
+
+Version 3.2.1 - released 2015-11-05
+----------------------------------------
+
+- Added per-file licenses
+- Added support for wheel packages
+- Made example code more consistent and up to date with Python 3.4
+
+
+Version 3.2 - released 2015-07-29
+----------------------------------------
+
+- Mentioned support for Python 3 in setup.py
+
+
+Version 3.1.4 - released 2014-02-22
+----------------------------------------
+
+- Fixed some bugs
+
+
+Version 3.1.3 - released 2014-02-02
+----------------------------------------
+
+- Dropped support for Python 2.5
+
+
+Version 3.1.2 - released 2013-09-15
+----------------------------------------
+
+- Added Python 3.3 to the test environment.
+- Removed dependency on Distribute
+- Added support for loading public keys from OpenSSL
+
+
+Version 3.1.1 - released 2012-06-18
+----------------------------------------
+
+- Fixed doctests for Python 2.7
+- Removed obsolete unittest so all tests run fine on Python 3.2
+
+Version 3.1 - released 2012-06-17
+----------------------------------------
+
+- Big, big credits to Yesudeep Mangalapilly for all the changes listed
+ below!
+- Added ability to generate keys on multiple cores simultaneously.
+- Massive speedup
+- Partial Python 3.2 compatibility (core functionality works, but
+ saving or loading keys doesn't, for that the pyasn1 package needs to
+ be ported to Python 3 first)
+- Lots of bug fixes
+
+
+
+Version 3.0.1 - released 2011-08-07
+----------------------------------------
+
+- Removed unused import of abc module
+
+
+Version 3.0 - released 2011-08-05
+----------------------------------------
+
+- Changed the meaning of the keysize to mean the size of ``n`` rather than
+ the size of both ``p`` and ``q``. This is the common interpretation of
+ RSA keysize. To get the old behaviour, double the keysize when generating a
+ new key.
+
+- Added a lot of doctests
+
+- Added random-padded encryption and decryption using PKCS#1 version 1.5
+
+- Added hash-based signatures and verification using PKCS#1v1.5
+
+- Modeling private and public key as real objects rather than dicts.
+
+- Support for saving and loading keys as PEM and DER files.
+
+- Ability to extract a public key from a private key (PEM+DER)
+
+
+Version 2.0
+----------------------------------------
+
+- Security improvements by Barry Mead.
+
diff --git a/LICENSE b/LICENSE
index da76c9d..67589cb 100644
--- a/LICENSE
+++ b/LICENSE
@@ -4,7 +4,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
+ https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/MANIFEST.in b/MANIFEST.in
index 8cf0021..1e64bd8 100644
--- a/MANIFEST.in
+++ b/MANIFEST.in
@@ -1,5 +1,6 @@
-include README
+include README.md
+include CHANGELOG.txt
include LICENSE
include *.py
recursive-include rsa *.py
-recursive-include tests *.py
+recursive-include tests *.py *.pem
diff --git a/PKG-INFO b/PKG-INFO
index cd941f0..fa19e9b 100644
--- a/PKG-INFO
+++ b/PKG-INFO
@@ -1,8 +1,8 @@
Metadata-Version: 1.1
Name: rsa
-Version: 3.2.3
+Version: 3.4.2
Summary: Pure-Python RSA implementation
-Home-page: http://stuvel.eu/rsa
+Home-page: https://stuvel.eu/rsa
Author: Sybren A. Stuvel
Author-email: sybren at stuvel.eu
License: ASL 2
@@ -15,5 +15,11 @@ Classifier: Intended Audience :: Information Technology
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python
+Classifier: Programming Language :: Python :: 2
+Classifier: Programming Language :: Python :: 2.6
+Classifier: Programming Language :: Python :: 2.7
Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.3
+Classifier: Programming Language :: Python :: 3.4
+Classifier: Programming Language :: Python :: 3.5
Classifier: Topic :: Security :: Cryptography
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..ba1013b
--- /dev/null
+++ b/README.md
@@ -0,0 +1,44 @@
+Pure Python RSA implementation
+==============================
+
+[](https://pypi.python.org/pypi/rsa)
+[]
+ (https://travis-ci.org/sybrenstuvel/python-rsa)
+[]
+ (https://coveralls.io/github/sybrenstuvel/python-rsa?branch=master)
+[]
+ (https://codeclimate.com/github/sybrenstuvel/python-rsa)
+
+[Python-RSA](https://stuvel.eu/rsa) is a pure-Python RSA implementation. It supports
+encryption and decryption, signing and verifying signatures, and key
+generation according to PKCS#1 version 1.5. It can be used as a Python
+library as well as on the commandline. The code was mostly written by
+Sybren A. Stüvel.
+
+Documentation can be found at the [Python-RSA homepage](https://stuvel.eu/rsa).
+
+Download and install using:
+
+ pip install rsa
+
+or download it from the [Python Package Index](https://pypi.python.org/pypi/rsa).
+
+The source code is maintained at [Github](https://github.com/sybrenstuvel/python-rsa/) and is
+licensed under the [Apache License, version 2.0](https://www.apache.org/licenses/LICENSE-2.0)
+
+
+Plans for the future
+--------------------
+
+Version 3.4 is the last version in the 3.x range. Version 4.0 will drop the following modules,
+as they are insecure:
+
+- `rsa._version133`
+- `rsa._version200`
+- `rsa.bigfile`
+- `rsa.varblock`
+
+Those modules are marked as deprecated in version 3.4.
+
+Furthermore, in 4.0 the I/O functions will be streamlined to always work with bytes on all
+supported versions of Python.
diff --git a/README.rst b/README.rst
deleted file mode 100644
index 9f34863..0000000
--- a/README.rst
+++ /dev/null
@@ -1,31 +0,0 @@
-Pure Python RSA implementation
-==============================
-
-`Python-RSA`_ is a pure-Python RSA implementation. It supports
-encryption and decryption, signing and verifying signatures, and key
-generation according to PKCS#1 version 1.5. It can be used as a Python
-library as well as on the commandline. The code was mostly written by
-Sybren A. Stüvel.
-
-Documentation can be found at the Python-RSA homepage:
-http://stuvel.eu/rsa
-
-Download and install using::
-
- pip install rsa
-
-or::
-
- easy_install rsa
-
-or download it from the `Python Package Index`_.
-
-The source code is maintained in a `Mercurial repository`_ and is
-licensed under the `Apache License, version 2.0`_
-
-
-.. _`Python-RSA`: http://stuvel.eu/rsa
-.. _`Mercurial repository`: https://bitbucket.org/sybren/python-rsa
-.. _`Python Package Index`: http://pypi.python.org/pypi/rsa
-.. _`Apache License, version 2.0`: http://www.apache.org/licenses/LICENSE-2.0
-
diff --git a/create_timing_table.py b/create_timing_table.py
index b6f8884..6163916 100755
--- a/create_timing_table.py
+++ b/create_timing_table.py
@@ -7,7 +7,7 @@
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
-# http://www.apache.org/licenses/LICENSE-2.0
+# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -21,8 +21,8 @@ import rsa
poolsize = 8
accurate = True
-def run_speed_test(bitsize):
+def run_speed_test(bitsize):
iterations = 0
start = end = time.time()
@@ -35,10 +35,10 @@ def run_speed_test(bitsize):
duration = end - start
dur_per_call = duration / iterations
- print '%5i bit: %9.3f sec. (%i iterations over %.1f seconds)' % (bitsize,
- dur_per_call, iterations, duration)
-
-for bitsize in (128, 256, 384, 512, 1024, 2048, 3072, 4096):
- run_speed_test(bitsize)
+ print('%5i bit: %9.3f sec. (%i iterations over %.1f seconds)' %
+ (bitsize, dur_per_call, iterations, duration))
+if __name__ == '__main__':
+ for bitsize in (128, 256, 384, 512, 1024, 2048, 3072, 4096):
+ run_speed_test(bitsize)
diff --git a/rsa.egg-info/PKG-INFO b/rsa.egg-info/PKG-INFO
index cd941f0..fa19e9b 100644
--- a/rsa.egg-info/PKG-INFO
+++ b/rsa.egg-info/PKG-INFO
@@ -1,8 +1,8 @@
Metadata-Version: 1.1
Name: rsa
-Version: 3.2.3
+Version: 3.4.2
Summary: Pure-Python RSA implementation
-Home-page: http://stuvel.eu/rsa
+Home-page: https://stuvel.eu/rsa
Author: Sybren A. Stuvel
Author-email: sybren at stuvel.eu
License: ASL 2
@@ -15,5 +15,11 @@ Classifier: Intended Audience :: Information Technology
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python
+Classifier: Programming Language :: Python :: 2
+Classifier: Programming Language :: Python :: 2.6
+Classifier: Programming Language :: Python :: 2.7
Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.3
+Classifier: Programming Language :: Python :: 3.4
+Classifier: Programming Language :: Python :: 3.5
Classifier: Topic :: Security :: Cryptography
diff --git a/rsa.egg-info/SOURCES.txt b/rsa.egg-info/SOURCES.txt
index a26ba62..9bf2739 100644
--- a/rsa.egg-info/SOURCES.txt
+++ b/rsa.egg-info/SOURCES.txt
@@ -1,8 +1,8 @@
+CHANGELOG.txt
LICENSE
MANIFEST.in
-README.rst
+README.md
create_timing_table.py
-run_tests.py
setup.cfg
setup.py
rsa/__init__.py
@@ -30,16 +30,17 @@ rsa.egg-info/entry_points.txt
rsa.egg-info/requires.txt
rsa.egg-info/top_level.txt
tests/__init__.py
-tests/constants.py
-tests/py2kconstants.py
-tests/py3kconstants.py
+tests/private.pem
tests/test_bigfile.py
tests/test_common.py
tests/test_compat.py
tests/test_integers.py
+tests/test_key.py
tests/test_load_save_keys.py
+tests/test_parallel.py
tests/test_pem.py
tests/test_pkcs1.py
+tests/test_prime.py
tests/test_strings.py
tests/test_transform.py
tests/test_varblock.py
\ No newline at end of file
diff --git a/rsa.egg-info/entry_points.txt b/rsa.egg-info/entry_points.txt
index 55b44fb..3f5627f 100644
--- a/rsa.egg-info/entry_points.txt
+++ b/rsa.egg-info/entry_points.txt
@@ -1,10 +1,10 @@
[console_scripts]
-pyrsa-encrypt-bigfile = rsa.cli:encrypt_bigfile
pyrsa-decrypt = rsa.cli:decrypt
-pyrsa-encrypt = rsa.cli:encrypt
pyrsa-decrypt-bigfile = rsa.cli:decrypt_bigfile
-pyrsa-verify = rsa.cli:verify
-pyrsa-priv2pub = rsa.util:private_to_public
+pyrsa-encrypt = rsa.cli:encrypt
+pyrsa-encrypt-bigfile = rsa.cli:encrypt_bigfile
pyrsa-keygen = rsa.cli:keygen
+pyrsa-priv2pub = rsa.util:private_to_public
pyrsa-sign = rsa.cli:sign
+pyrsa-verify = rsa.cli:verify
diff --git a/rsa.egg-info/requires.txt b/rsa.egg-info/requires.txt
index ae4e6eb..df92049 100644
--- a/rsa.egg-info/requires.txt
+++ b/rsa.egg-info/requires.txt
@@ -1 +1 @@
-pyasn1 >= 0.1.3
\ No newline at end of file
+pyasn1 >= 0.1.3
diff --git a/rsa/__init__.py b/rsa/__init__.py
index 99fd668..c572c06 100644
--- a/rsa/__init__.py
+++ b/rsa/__init__.py
@@ -6,7 +6,7 @@
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
-# http://www.apache.org/licenses/LICENSE-2.0
+# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -22,24 +22,21 @@ WARNING: this implementation does not use random padding, compression of the
cleartext input to prevent repetitions, or other common security improvements.
Use with care.
-If you want to have a more secure implementation, use the functions from the
-``rsa.pkcs1`` module.
-
"""
-__author__ = "Sybren Stuvel, Barry Mead and Yesudeep Mangalapilly"
-__date__ = "2015-11-05"
-__version__ = '3.2.3'
-
from rsa.key import newkeys, PrivateKey, PublicKey
from rsa.pkcs1 import encrypt, decrypt, sign, verify, DecryptionError, \
VerificationError
+__author__ = "Sybren Stuvel, Barry Mead and Yesudeep Mangalapilly"
+__date__ = "2016-03-29"
+__version__ = '3.4.2'
+
# Do doctest if we're run directly
if __name__ == "__main__":
import doctest
+
doctest.testmod()
__all__ = ["newkeys", "encrypt", "decrypt", "sign", "verify", 'PublicKey',
- 'PrivateKey', 'DecryptionError', 'VerificationError']
-
+ 'PrivateKey', 'DecryptionError', 'VerificationError']
diff --git a/rsa/_compat.py b/rsa/_compat.py
index 3c4eb81..93393d9 100644
--- a/rsa/_compat.py
+++ b/rsa/_compat.py
@@ -6,7 +6,7 @@
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
-# http://www.apache.org/licenses/LICENSE-2.0
+# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -16,7 +16,6 @@
"""Python compatibility wrappers."""
-
from __future__ import absolute_import
import sys
@@ -42,15 +41,12 @@ else:
# Else we just assume 64-bit processor keeping up with modern times.
MACHINE_WORD_SIZE = 64
-
try:
# < Python3
unicode_type = unicode
- have_python3 = False
except NameError:
# Python3.
unicode_type = str
- have_python3 = True
# Fake byte literals.
if str is unicode_type:
@@ -68,14 +64,6 @@ except NameError:
b = byte_literal
-try:
- # Python 2.6 or higher.
- bytes_type = bytes
-except NameError:
- # Python 2.5
- bytes_type = str
-
-
# To avoid calling b() multiple times in tight loops.
ZERO_BYTE = b('\x00')
EMPTY_BYTE = b('')
@@ -90,7 +78,7 @@ def is_bytes(obj):
:returns:
``True`` if ``value`` is a byte string; ``False`` otherwise.
"""
- return isinstance(obj, bytes_type)
+ return isinstance(obj, bytes)
def is_integer(obj):
diff --git a/rsa/_version133.py b/rsa/_version133.py
index dff0dda..ff03b45 100644
--- a/rsa/_version133.py
+++ b/rsa/_version133.py
@@ -6,7 +6,7 @@
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
-# http://www.apache.org/licenses/LICENSE-2.0
+# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -14,8 +14,11 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-"""RSA module
-pri = k[1] //Private part of keys d,p,q
+"""Deprecated version of the RSA module
+
+.. deprecated:: 2.0
+
+ This submodule is deprecated and will be completely removed as of version 4.0.
Module for calculating large primes, and RSA encryption, decryption,
signing and verification. Includes generating public and private keys.
@@ -34,7 +37,11 @@ __version__ = '1.3.3'
# NOTE: Python's modulo can return negative numbers. We compensate for
# this behaviour using the abs() function
-from cPickle import dumps, loads
+try:
+ import cPickle as pickle
+except ImportError:
+ import pickle
+from pickle import dumps, loads
import base64
import math
import os
@@ -49,6 +56,9 @@ from rsa._compat import byte
import warnings
warnings.warn('Insecure version of the RSA module is imported as %s, be careful'
% __name__)
+warnings.warn('This submodule is deprecated and will be completely removed as of version 4.0.',
+ DeprecationWarning)
+
def gcd(p, q):
"""Returns the greatest common divisor of p and q
@@ -63,12 +73,6 @@ def gcd(p, q):
def bytes2int(bytes):
"""Converts a list of bytes or a string to an integer
-
- >>> (128*256 + 64)*256 + + 15
- 8405007
- >>> l = [128, 64, 15]
- >>> bytes2int(l)
- 8405007
"""
if not (type(bytes) is types.ListType or type(bytes) is types.StringType):
@@ -85,9 +89,6 @@ def bytes2int(bytes):
def int2bytes(number):
"""Converts a number to a string of bytes
-
- >>> bytes2int(int2bytes(123456789))
- 123456789
"""
if not (type(number) is types.LongType or type(number) is types.IntType):
@@ -204,11 +205,6 @@ def randomized_primality_testing(n, k):
def is_prime(number):
"""Returns True if the number is prime, and False otherwise.
-
- >>> is_prime(42)
- 0
- >>> is_prime(41)
- 1
"""
"""
@@ -228,14 +224,6 @@ def is_prime(number):
def getprime(nbits):
"""Returns a prime number of max. 'math.ceil(nbits/8)*8' bits. In
other words: nbits is rounded up to whole bytes.
-
- >>> p = getprime(8)
- >>> is_prime(p-1)
- 0
- >>> is_prime(p)
- 1
- >>> is_prime(p+1)
- 0
"""
nbytes = int(math.ceil(nbits/8.))
@@ -256,11 +244,6 @@ def getprime(nbits):
def are_relatively_prime(a, b):
"""Returns True if a and b are relatively prime, and False if they
are not.
-
- >>> are_relatively_prime(2, 3)
- 1
- >>> are_relatively_prime(2, 4)
- 0
"""
d = gcd(a, b)
diff --git a/rsa/_version200.py b/rsa/_version200.py
index 28f3601..1a16949 100644
--- a/rsa/_version200.py
+++ b/rsa/_version200.py
@@ -6,7 +6,7 @@
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
-# http://www.apache.org/licenses/LICENSE-2.0
+# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -14,14 +14,11 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-"""RSA module
+"""Deprecated version of the RSA module
-Module for calculating large primes, and RSA encryption, decryption,
-signing and verification. Includes generating public and private keys.
+.. deprecated:: 3.0
-WARNING: this implementation does not use random padding, compression of the
-cleartext input to prevent repetitions, or other common security improvements.
-Use with care.
+ This submodule is deprecated and will be completely removed as of version 4.0.
"""
@@ -39,6 +36,8 @@ from rsa._compat import byte
# Display a warning that this insecure version is imported.
import warnings
warnings.warn('Insecure version of the RSA module is imported as %s' % __name__)
+warnings.warn('This submodule is deprecated and will be completely removed as of version 4.0.',
+ DeprecationWarning)
def bit_size(number):
@@ -59,13 +58,7 @@ def gcd(p, q):
def bytes2int(bytes):
- """Converts a list of bytes or a string to an integer
-
- >>> (((128 * 256) + 64) * 256) + 15
- 8405007
- >>> l = [128, 64, 15]
- >>> bytes2int(l) #same as bytes2int('\x80@\x0f')
- 8405007
+ r"""Converts a list of bytes or a string to an integer
"""
if not (type(bytes) is types.ListType or type(bytes) is types.StringType):
@@ -99,9 +92,6 @@ def int2bytes(number):
def to64(number):
"""Converts a number in the range of 0 to 63 into base 64 digit
character in the range of '0'-'9', 'A'-'Z', 'a'-'z','-','_'.
-
- >>> to64(10)
- 'A'
"""
if not (type(number) is types.LongType or type(number) is types.IntType):
@@ -128,9 +118,6 @@ def to64(number):
def from64(number):
"""Converts an ordinal character value in the range of
0-9,A-Z,a-z,-,_ to a number in the range of 0-63.
-
- >>> from64(49)
- 1
"""
if not (type(number) is types.LongType or type(number) is types.IntType):
@@ -157,9 +144,6 @@ def from64(number):
def int2str64(number):
"""Converts a number to a string of base64 encoded characters in
the range of '0'-'9','A'-'Z,'a'-'z','-','_'.
-
- >>> int2str64(123456789)
- '7MyqL'
"""
if not (type(number) is types.LongType or type(number) is types.IntType):
@@ -177,9 +161,6 @@ def int2str64(number):
def str642int(string):
"""Converts a base64 encoded string into an integer.
The chars of this string in in the range '0'-'9','A'-'Z','a'-'z','-','_'
-
- >>> str642int('7MyqL')
- 123456789
"""
if not (type(string) is types.ListType or type(string) is types.StringType):
@@ -270,11 +251,6 @@ def randomized_primality_testing(n, k):
def is_prime(number):
"""Returns True if the number is prime, and False otherwise.
-
- >>> is_prime(42)
- 0
- >>> is_prime(41)
- 1
"""
if randomized_primality_testing(number, 6):
@@ -288,14 +264,6 @@ def is_prime(number):
def getprime(nbits):
"""Returns a prime number of max. 'math.ceil(nbits/8)*8' bits. In
other words: nbits is rounded up to whole bytes.
-
- >>> p = getprime(8)
- >>> is_prime(p-1)
- 0
- >>> is_prime(p)
- 1
- >>> is_prime(p+1)
- 0
"""
while True:
diff --git a/rsa/asn1.py b/rsa/asn1.py
index 6eb6da5..b724b8f 100644
--- a/rsa/asn1.py
+++ b/rsa/asn1.py
@@ -6,7 +6,7 @@
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
-# http://www.apache.org/licenses/LICENSE-2.0
+# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -14,38 +14,40 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-'''ASN.1 definitions.
+"""ASN.1 definitions.
Not all ASN.1-handling code use these definitions, but when it does, they should be here.
-'''
+"""
from pyasn1.type import univ, namedtype, tag
+
class PubKeyHeader(univ.Sequence):
componentType = namedtype.NamedTypes(
- namedtype.NamedType('oid', univ.ObjectIdentifier()),
- namedtype.NamedType('parameters', univ.Null()),
+ namedtype.NamedType('oid', univ.ObjectIdentifier()),
+ namedtype.NamedType('parameters', univ.Null()),
)
+
class OpenSSLPubKey(univ.Sequence):
componentType = namedtype.NamedTypes(
- namedtype.NamedType('header', PubKeyHeader()),
-
- # This little hack (the implicit tag) allows us to get a Bit String as Octet String
- namedtype.NamedType('key', univ.OctetString().subtype(
- implicitTag=tag.Tag(tagClass=0, tagFormat=0, tagId=3))),
+ namedtype.NamedType('header', PubKeyHeader()),
+
+ # This little hack (the implicit tag) allows us to get a Bit String as Octet String
+ namedtype.NamedType('key', univ.OctetString().subtype(
+ implicitTag=tag.Tag(tagClass=0, tagFormat=0, tagId=3))),
)
class AsnPubKey(univ.Sequence):
- '''ASN.1 contents of DER encoded public key:
-
+ """ASN.1 contents of DER encoded public key:
+
RSAPublicKey ::= SEQUENCE {
modulus INTEGER, -- n
publicExponent INTEGER, -- e
- '''
+ """
componentType = namedtype.NamedTypes(
- namedtype.NamedType('modulus', univ.Integer()),
- namedtype.NamedType('publicExponent', univ.Integer()),
+ namedtype.NamedType('modulus', univ.Integer()),
+ namedtype.NamedType('publicExponent', univ.Integer()),
)
diff --git a/rsa/bigfile.py b/rsa/bigfile.py
index 516cf56..3a09716 100644
--- a/rsa/bigfile.py
+++ b/rsa/bigfile.py
@@ -6,7 +6,7 @@
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
-# http://www.apache.org/licenses/LICENSE-2.0
+# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
@@ -14,7 +14,27 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-'''Large file support
+"""Large file support
+
+.. deprecated:: 3.4
+
+ The VARBLOCK format is NOT recommended for general use, has been deprecated since
+ Python-RSA 3.4, and will be removed in a future release. It's vulnerable to a
+ number of attacks:
+
+ 1. decrypt/encrypt_bigfile() does not implement `Authenticated encryption`_ nor
+ uses MACs to verify messages before decrypting public key encrypted messages.
+
+ 2. decrypt/encrypt_bigfile() does not use hybrid encryption (it uses plain RSA)
+ and has no method for chaining, so block reordering is possible.
+
+ See `issue #19 on Github`_ for more information.
+
+.. _Authenticated encryption: https://en.wikipedia.org/wiki/Authenticated_encryption
+.. _issue #19 on Github: https://github.com/sybrenstuvel/python-rsa/issues/13
+
+
+This module contains functions to:
- break a file into smaller blocks, and encrypt them, and store the
encrypted blocks in another file.
@@ -37,25 +57,40 @@ The encrypted file format is as follows, where || denotes byte concatenation:
This file format is called the VARBLOCK format, in line with the varint format
used to denote the block sizes.
-'''
+"""
+
+import warnings
from rsa import key, common, pkcs1, varblock
from rsa._compat import byte
+
def encrypt_bigfile(infile, outfile, pub_key):
- '''Encrypts a file, writing it to 'outfile' in VARBLOCK format.
-
+ """Encrypts a file, writing it to 'outfile' in VARBLOCK format.
+
+ .. deprecated:: 3.4
+ This function was deprecated in Python-RSA version 3.4 due to security issues
+ in the VARBLOCK format. See the documentation_ for more information.
+
+ .. _documentation: https://stuvel.eu/python-rsa-doc/usage.html#working-with-big-files
+
:param infile: file-like object to read the cleartext from
:param outfile: file-like object to write the crypto in VARBLOCK format to
:param pub_key: :py:class:`rsa.PublicKey` to encrypt with
- '''
+ """
+
+ warnings.warn("The 'rsa.bigfile.encrypt_bigfile' function was deprecated in Python-RSA version "
+ "3.4 due to security issues in the VARBLOCK format. See "
+ "https://stuvel.eu/python-rsa-doc/usage.html#working-with-big-files "
+ "for more information.",
+ DeprecationWarning, stacklevel=2)
if not isinstance(pub_key, key.PublicKey):
raise TypeError('Public key required, but got %r' % pub_key)
key_bytes = common.bit_size(pub_key.n) // 8
- blocksize = key_bytes - 11 # keep space for PKCS#1 padding
+ blocksize = key_bytes - 11 # keep space for PKCS#1 padding
# Write the version number to the VARBLOCK file
outfile.write(byte(varblock.VARBLOCK_VERSION))
@@ -67,21 +102,34 @@ def encrypt_bigfile(infile, outfile, pub_key):
varblock.write_varint(outfile, len(crypto))
outfile.write(crypto)
+
def decrypt_bigfile(infile, outfile, priv_key):
- '''Decrypts an encrypted VARBLOCK file, writing it to 'outfile'
-
+ """Decrypts an encrypted VARBLOCK file, writing it to 'outfile'
+
+ .. deprecated:: 3.4
+ This function was deprecated in Python-RSA version 3.4 due to security issues
+ in the VARBLOCK format. See the documentation_ for more information.
+
+ .. _documentation: https://stuvel.eu/python-rsa-doc/usage.html#working-with-big-files
+
:param infile: file-like object to read the crypto in VARBLOCK format from
:param outfile: file-like object to write the cleartext to
:param priv_key: :py:class:`rsa.PrivateKey` to decrypt with
- '''
+ """
+
+ warnings.warn("The 'rsa.bigfile.decrypt_bigfile' function was deprecated in Python-RSA version "
+ "3.4 due to security issues in the VARBLOCK format. See "
+ "https://stuvel.eu/python-rsa-doc/usage.html#working-with-big-files "
+ "for more information.",
+ DeprecationWarning, stacklevel=2)
if not isinstance(priv_key, key.PrivateKey):
raise TypeError('Private key required, but got %r' % priv_key)
... 3957 lines suppressed ...
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/python-modules/packages/python-rsa.git
More information about the Python-modules-commits
mailing list